Cybersecurity is being called the most serious problem of this decade.
It is also opening up a whole new practice niche for lawyers.
Companies hit by hackers and data breaches are turning to law firms for help. And they’re paying big bucks for it.
Why? They like the privacy of the attorney-client relationship. And they need legal advice on the growing web of laws and regulations governing data security.
Some businesses aren’t sitting around and waiting to be hacked. They are proactively bringing lawyers on board to draft protocols and make sure their systems are safe and compliant.
This is from a recent article in the Wall Street Journal:
When Nationwide Mutual Insurance Co. discovered in October that a hacker had breached its systems and stolen personal details of roughly one million people, it put the internal probe in the hands of a law firm, rather than one of the forensic investigators typically retained for such incidents.
The insurer hired Boston-based Ropes & Gray LLP in part because the law firm could offer something a forensic firm couldn’t: attorney-client privilege and the secrecy it confers.
As data breaches and cybercrime become a bigger concern for companies, law firms are touting that secrecy in their efforts to win business. Law firms also help companies navigate the patchwork of federal and state laws governing public disclosures of data breaches.
As you might expect, firms are rushing to meet this need, starting with biglaw.
Alston & Bird LLP, one of the country’s 50-biggest firms, has hired a former Justice Department senior litigator for Computer Crimes and Intellectual Property. She will head the firm’s security-incident and management-response team – the first major law firm to form a section dedicated to cyber-law and data breaches.
But opportunities are opening up for solos, small and mid-size firms as well. After all, anybody who makes purchase or banks online has at least a nascent fear of being hacked.
6 Things To Know About Data-Breach Law
- The stakes are high. Companies who lose data-breach class-action litigation pay an average settlement of $2,500 per plaintiff, with attorney fees averaging around $1.2 million, according to a 2012 survey by Temple University Beasley School of Law.
- The problem is huge. In 2012, Verizon took a look at its own cyber-vulnerabilities. It uncovered 855 data breach incidents from 2011 alone. Those incidents led to 174 million compromised records.
- Public disclosure is sometimes required. The Securities and Exchange Commission is pressing companies to be more forthcoming about attacks on their computer networks. A recent federal Executive Order did the same thing. And 47 states have enacted data-breach notification laws. All of which puts private industries in a bind. They want to follow the law, but they also want to protect their trade secrets and customer info.
- The market is booming. The Department of Homeland Security reported a 383 percent increase in cyber-attacks in 2011. The near-certainty of increased government regulation will ensure a steady flow of work for law firms.
- Firms are hiring. Legal recruiters say top firms are placing a premium on cybersecurity experience. They love former prosecutors who understand cybercrime.
- The American Bar Association has formed a Cybersecurity Legal Task Force. Learn more about it here.
Jay Reeves a/k/a The Risk Man is an attorney licensed in North Carolina and South Carolina. Formerly he was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He likes baseball and Blue Note jazz. Contact firstname.lastname@example.org, phone 919-619-2441; http://www.riskmanlawsolutions.
For more information:
- Verizon, 2012 Data Breach Investigations Report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
- Federal Times http://www.federaltimes.com/article/20120703/IT01/307030004/Report-Cyber-attacks-critical-infrastructure-jump-383-2011,
- American Bar Association Cybersecurity Legal Task Force http://www.americanbar.org/content/dam/aba/marketing/Cybersecurity/aba_cybersecurity_res_and_report.authcheckdam.pdf
- Corporate Counsel – “Telling the FBI Your Company Has Been Hacked.” http://www.law.com/corporatecounsel/PubArticleCC.jsp?id=1202601094171&slreturn=20130431121137
- Wall Street Journal http://online.wsj.com/article/SB10001424127887324883604578394593108673994.html